DEV Community

loading...

Days 1 and 2 - Auth

Alex Sopinka
Serial entrepreneur. Coder. Taco Lover.
・1 min read

It wasn't so bad the past couple of days. A stable core product means I can stay head down in some code. And I definitely needed the focus.

Being a startup, we've moved fast and cut a couple corners here and there over the years. Nothing critical, just not the cleanest code in some places... and of course, that will eventually come back to bite you in the ass.

After the past couple of days, my ass looks like hamburger meat. I've been bitten a lot. Some key findings:

  • hardcoded dependencies on Slack being the OAuth provider
  • assumptions that we'd have Slack or a similar workplace messaging tool as the initial authentication for new users (with a "team"-like structure)
  • duplicate code copy/pasted in multiple places

Obviously some of the fixes were easy, like the copy/pasted code. Just a little refactoring there. The hardcoded dependencies and assumptions were a little trickier, and required some changes up and down the stack from front-end to database.

I'm happy to say we've got the Google OAuth implemented and working, intertwined with all the setup steps we take for new Slack users.

Sign in with Google

With the groundwork now set for multiple auth providers, I feel better when inevitably we need to add another "Sign in with XYZ Service".

Random pro-tip: if you're manually setting cookies to store something temporary, make sure you mark HttpOnly and Secure to true.

Discussion (0)